CVE-2024-40685 IBM — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	4.3 (MEDIUM)
Affected Versions	1.3.5.0 — 1.3.8.3
Type	CWE-352 (Cross-Site Request Forgery (CSRF) (Подделка межсайтовых запросов))
Vendor	IBM
Public PoC	No

IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Privileges Required

None

Права не нужны

User Interaction

Required

Нужно действие пользователя

Impact Assessment

Confidentiality

None

Нет утечки данных

Integrity

Low

Частичная модификация данных

Availability

None

Нет нарушения работы

CVSS Vector v3.1

Weakness Type (CWE)

CWE-352 Cross-Site Request Forgery (CSRF) (Подделка межсайтовых запросов)

References 1

https://www.ibm.com/support/pages/node/7256429

psirt@us.ibm.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-1713

IBM

5.5

CVE-2026-1567

IBM

7.1

CVE-2025-14480

IBM

5.1

CVE-2025-14456

IBM

5.9

CVE-2026-2606

IBM

6.5

Menu

CVE-2024-40685

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-1713

CVE-2026-1567

CVE-2025-14480

CVE-2025-14456

CVE-2026-2606

CVE Details

Editor's Choice